AIKIDO-2024-10413

nope-validator is vulnerable to Regular Expression Denial of Service (ReDoS)

68

Medium

nope-validator js

AIKIDO-2024-10413: nope-validator is vulnerable to Regular Expression Denial of Service (ReDoS) in versions 0.2.0 - 0.11.3.

Regular Expression Denial of Service (ReDoS)
Vuln in 0.2.0 - 0.11.3
Fixed in 0.12.1
CVE-2020-26309
TL;DR

Affected versions of this package are vulnerable to regular expression denial of service (ReDoS) due to the use of insecure regular expressions in consts.ts.

Who does this affect?

You are affected if you use a version of nope-validator within the vulnerable range (0.2.0 - 0.11.3).

How can it be fixed?

Upgrade the nope-validator library to the patched version, 0.12.1.
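To check whether a project pulls in an affected copy, including transitive ones, the following added example (not Aikido's or the nope-validator project's code) classifies every nope-validator entry in a parsed package-lock.json against the ranges stated in this advisory. The sample lockfile and the package name form-lib are constructed for illustration.

```javascript
// Ranges exactly as stated in the advisory; versions outside both are reported as "not-listed".
const VULN_MIN = [0, 2, 0];
const VULN_MAX = [0, 11, 3];
const FIXED = [0, 12, 1];

// Parse "major.minor.patch"; any prerelease/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}
function classify(version) {
  const v = parseVersion(version);
  if (!v) return "unparsed";
  if (cmp(v, VULN_MIN) >= 0 && cmp(v, VULN_MAX) <= 0) return "vulnerable";
  if (cmp(v, FIXED) >= 0) return "fixed";
  return "not-listed"; // e.g. 0.1.x or 0.12.0: the advisory makes no statement about these
}

// lockfileVersion 2/3 has a flat "packages" map keyed by install path;
// lockfileVersion 1 only has nested "dependencies", so walk those as a fallback.
function findNopeValidator(lock) {
  const hits = [];
  const add = (path, version) => hits.push({ path, version, status: classify(version) });
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/nope-validator")) add(path, info.version);
  }
  const walk = (deps, prefix) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "nope-validator") add(path, info.version);
      walk(info.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = { lockfileVersion: 3, packages: {
  "node_modules/nope-validator": { version: "0.11.3" },
  "node_modules/form-lib/node_modules/nope-validator": { version: "0.12.1" },
} };
console.log(findNopeValidator(sampleLock));
```

In a real project, pass `JSON.parse` of the package-lock.json contents to `findNopeValidator` and fail the build when any entry has status "vulnerable".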


© 2024 Aikido Security BV | BE0792914919